Posted
by
Unknown Lameron Monday October 21, 2013 @01:17PM
from the drive-slowly-for-maximum-confusion dept.

New submitter TheTerseOne writes "The Columbian, the local newspaper of Vancouver (not BC), Washington (not DC) is reporting that local county traffic officials plan on spending $540k of government money to monitor traffic by connecting to vehicles' Bluetooth systems (whose owners/drivers have left them discoverable). The county claims that, although this sounds 'creepy' and 'like Big Brother,' there is no cause for concern. The specific brand of the system is not mentioned, but similar systems have already been the subject of security alerts."
County officials note that they are stripping out part of the MAC, and the system is intentionally designed not to be useful for law enforcement to locate specific devices.

Sounds like the bluetooth-based system is just sniffing bluetooth IDs, not exactly "connecting" any more than when your phone sniffs out discoverable Wi-fi access points but doesn't really try to register with any of them.

I blame poor article word choice. You can start worrying when they make it illegal to disable your car's bluetooth so they can use the system

I thought the issue with the google wifi map was that they "accidentally" had their packet captures configured to save user data packets in addition to the relatively benign publicly-accessible SSID handshaking info.

How do we know when they occur? Will there be a Snowden-like person to leak things on a city, county, state etc.. level to let us know when our rights/privacy have been compromised? Please do tell when we're supposed to deal with a problem we don't know exists?

I have nothing to hide in my daily travels, and I welcome this advancement in the field of traffic study. It is my hope that such technology can be used to make my driving experience better.

I don't see the problem here. I normally don't give a hoot what they do with their data about what my radios broadcast on public ISM bands, nor how personalized it might be. If I do care, then I can always, you know, stop shouting to anyone in earshot at 2.4GHz about my whereabouts.

And you know what? If you care all the time, you can elect to not shout your whereabouts as well: Stop traveling with active, transmitting 2-way radios. Done.

In general my opposition to tracking, isn't that they are tracking me. Like you I could care less. The concern about tracking is more about the tracking in mass for the wrong reason. The officer who is stalking a woman. Do they use this data to intimidate others into being a false witness, or use it to track who Michael Dell is dealing with to gain some insider trading knowledge. Are they tracking reporters, to track down a leak (like Snowden.) Putting too much data into one database without having sol

so how are you going to feel if someone spoofs your Bluetooth ID at the scene of a crime and you don't, have an alibi?

There, fixed it for you. If you're going to make that argument you may as well do it honestly. The difference between if and when is probably more than 99.999% in terms of probability. For many, this would completely change their position in an argument.

I am - it is a problem because of the inevitability of scope-creep. Waiting until it's too late would be absolutely fucking stupid, because as we've all seen with legislation such as the PATRIOT Act and NDAA, once the government takes a kind of power they will not fucking surrender it.

I'm going to ignore the rest of your post as it adds nothing useful to the conversation (other than letting the rest of us know how unreasonable a person you are).

If the system doesn't collect individual data, then it's impossible to get the scope creep you're afraid of.

Your whole premise is that the big evil Man will secretly collect individual data. Maybe they'll secretly implant tracking chips in our molars. Maybe the Pod People will reveal themselves. If you want to worry about every possible outcome of everything, go for it. I actually have a life that I like to enjoy.

If the system doesn't collect individual data, then it's impossible to get the scope creep you're afraid of.

Your whole premise is that the big evil Man will secretly collect individual data. Maybe they'll secretly implant tracking chips in our molars. Maybe the Pod People will reveal themselves. If you want to worry about every possible outcome of everything, go for it. I actually have a life that I like to enjoy.

THe GP made the mistake of assuming that you knew how BT works. You do know that each BT device has a globally unique serial number, correct? And that they could, through vehicle registration and manufacturing info potentially know exactly where you are on the roads at any given moment? Sure you may not have BT built into your car, or you could spoof your MAC but the average person will have no way of knowing that they are not anonymous, as you just demonstrated.

If the system doesn't collect individual data, then it's impossible to get the scope creep you're afraid of.

Your whole premise is that the big evil Man will secretly collect individual data. Maybe they'll secretly implant tracking chips in our molars. Maybe the Pod People will reveal themselves. If you want to worry about every possible outcome of everything, go for it. I actually have a life that I like to enjoy.

I don't expect you to read the article. But I do expect you to read the entire submission.

"County officials note that they are stripping out part of the MAC".

Which will always happen, universally; the policy will never change, and there's no way clandestine Three-Letter-Agencies will present NSL's demanding the logs and records for them to compare against their massive haystack databases. Trust us, we're from the government and we're here to help!

I sometimes wonder what it's like to be so naively trusting of authority... but only until I remember that I have a brain, and remember that it does function properly.

If incomplete MACs are recorded, then those logs can still be useful to TLAs if you can figure out how to shove the following into an SQL statement:

"Which MACs are in our vehicular bluetooth database that contain 0E:5A:B2? Which ones of those those are associated with vehicles registered within 20 miles of Vancouver? Which of those belong to a grey Buick?

I don't expect you to read the article. But I do expect you to read the entire submission.

"County officials note that they are stripping out part of the MAC".

Yes but what part of the MAC? That is not enough to guarantee that you have become annonymous. First of all, the MAC has a vendor specific code. So potentially they could know exactly what kind of car it is, down to the make and model, just from the MAC. Secondly, depending on just how many sensors they have networked, they could track all of your trips daily from start to finish and use the aggregate data to determine exactly where you live and work. Finally, how do you actually know that they are be

Calgary (Alberta, not Texas) has been doing this along major routes for a while, and it's fantastic. Road side signs give very accurate updates on the fly as to how long it will take to get to the next major landmark.

Around large-ish cities in Ohio, I see similar signage. It is normally spot-on.

However, in Ohio, these seem to work on data provided by little solar-powered Doppler units mounted on poles and signs along the highway, not Bluetooth. This gives a perfectly reasonable picture of average traffic speed, while remaining completely anonymous and requiring zero end-user hardware except for a large enough vehicle to generate an echo.

(The results from these Doppler units are available, presumably with additional da

Why would they need to know statistics about bluetooth devices in cards? They see a bluetooth device at point A, then a little later see the same device at point B. d=rt, the distance and time are known so the rate of traffic can be easily determined.

Why would they need to know statistics about bluetooth devices in cards? They see a bluetooth device at point A, then a little later see the same device at point B. d=rt, the distance and time are known so the rate of traffic can be easily determined.

A couple license plate readers would accomplish the same feat, without having to port-scan my personal property*. Probably a lot cheaper to do it that way, too.

* Contrary to popular misconception, your license plates are property of the state, not the individual they are issued to.

A couple license plate readers would accomplish the same feat, without having to port-scan my personal property*. Probably a lot cheaper to do it that way, too.

Nope, computer-vision-based vehicle detection systems are more expensive -- in fact, the only reason why DOTs bother with bluetooth is that it's cheaper (it is not better).

By the way: vision-based VDS detects the whole vehicle (in the sense of "are the pixels in this rectangle we've superimposed on the image of the lane changing?"). One VDS camera can cover the whole width of the freeway (in each direction). Detecting license plates (let alone reading them) would probably be even more expensive because it would require either higher-resolution cameras, a camera for each lane, or both.

So put an RFID tag in the registration tag. Granted, that doesn't do much to assuage my paranoia about having my travel patterns logged, but at least they'd be tracking their own stuff instead of mine. Plus, no need to worry about scope creep (other than the aforementioned ubiquitous logging of individual travel).

One thing you should know is that I'm probably just as paranoid as you, but have also worked in the ITS (Intelligent Transportation Systems) field. I feel a lot more comfortable with Bluetooth-based vehicle detection systems (VDS) than I would with any of the alternatives you've proposed, from a privacy standpoint. (I still like "traditional-vision" or EM loop detection better, though.)

First of all, for the implementation of Bluetooth VDS I worked with, all we at the DOT had access to was the end-result veh

OK, since you've worked in the field and are apparently concerned about privacy, I'll take your word for it. I can always spoof my MAC addys, I suppose.

One caveat:

DOTs actively avoid retaining that kind of data.

That's not universal - hell, here in MO the DOR (who runs the DOT) just got their asses handed to them for illegally retaining records of CCW permit holders, then illegally turning them over to the IRS.

They aren't 'port scanning' anything. They don't know your 'personal property' even exists. They are simply standing on a corner yelling 'anybody want to identify themselves'. If you don't want to identify yourself, don't answer. If you don't want your personal property to identiffy itself, instruct it not to answer.

They aren't 'port scanning' anything. They don't know your 'personal property' even exists. They are simply standing on a corner yelling 'anybody want to identify themselves'. If you don't want to identify yourself, don't answer.

They might not today, but all that data adds up.

MAC 00:00:86:FF:2B:C4 might not personally identify you on the first pass, but as we've learned from Google and Facebook, with enough data points you can identify anybody. What happens when LEO Bluetooth scanners are ubiquitous? Defacto universal tracking system, that's what.

If you don't want your personal property to identiffy itself, instruct it not to answer.

Many cars do not give the owners that option; if the car is on, then the BT is on and broadcasting.

Every car owner has the option: There is no security threat here that cannot be solved by a pair of diagonal cutters in skilled hands, or a Sawzall in less-skilled hands.

The problem, if there is a problem to begin with (and I'm not convinced that there is), is that folks are increasingly blind to the way that radios work, and remain blissfully unaware that this could ever be a problem.

I think my great grandpa probably knew more about radios than most folks today, and all he was trying to do was pick up an

They said "they are stripping out part of the MAC". They can strip off enough that it is not a globally unique ID, but it could still be useful to identify the same vehicle twice on the same road segment.

County officials note that they are stripping out part of the MAC (of course they will), and the system is intentionally designed not to be useful for law enforcement to locate specific devices (of course it won't).

Until presented with a court order to preserve this information along with a gag order not to mention it. There is no inherent technical or legal protection of this data. The technical side can fix historical data but it trivial to bypass from the point of being served. Legal protection pretty much requires an amendment.

Depends what part they strip out. If they drop the manufacturer ID, whoop-de-do, that can be guessed later on.

Instead of just dropping a chunk that can be possibly rebuilt, how about at the minimum, using a hash of the ID? The ideal would be a salted hash, with the salt a secret (so someone later on can't grab a list of MACs and convert/correlate them with the hashed versions.)

All that is needed is a unique identifier. The detector for BT devices can just create a salt it stores internally and changes ev

They will (initially) remove "about half" of the MAC address. I'm guessing they will be removing the first half, which only identifies the manufacturer. Practically this does almost nothing to reduce the ability to uniquely identify cars. If they remove more bytes it would reduce this ability without much reduction to their ability to monitor traffic flow..

Also, it's difficult to charge government organizations for a felony... Its even more so difficult to charge a law enforcement official of doing any wrongdoing unless there's a 100:1 outcry against the officer, and it's on tape, and the officer loses support from his peers.

The city of Vancouver, Washington is in the state of Washington. TFS gives a strong hint to that effect.

Also, it's difficult to charge government organizations for a felony...

That, I think, is GP's point. As a practical matter, the county government doesn't have to worry about complying with the CFAA. We Americans like to think of our country as a nation of laws, but the application of those laws seems increasingly capricious and one-sided.

The same kinds of systems are used all over, in many states. Georgia, for example, uses it for vehicle detection in most of the Interstates outside of Metro Atlanta. (In Atlanta they use traditional computer-vision-based detection instead, because it was put in before Bluetooth detection became available and because it gives more detailed data (namely, lane-by-lane vehicle counts).)

I can only assume the reason the CFAA doesn't apply is that these systems don't "connect" to the vehicles' devices is any meani

The heart of that case involved Google intercepting data sent over an unsecured wi-fi connection, which the sender (stupidly) expected to be private. This traffic system is intercepting data that your phone is intentionally broadcasting publicly.

Systems that broadcast to people nearby can be a lot of fun and useful. Game consoles "social" apps, WiFi, safety applications or just allowing passengers to pair to stereo with least amount of effort.

That is until some asshole tries inevitably tries to collect and aggregate everything. I don't care if it is useful or insecure or you take x measures to prevent y value judgment... you are still an asshole.

If you don't want to be discovered with Bluetooth, don't leave your devices in discoverable mode!

More to the point - What BT devices actually broadcast their availability continually? Both my cars actually pop up an on-demand 90 or 120 second countdown to show how long you have left to try to pair a device to them; all the devices I've tried pairing to them either do something similar, or even go so far as to do a single active sweep before giving up and going silent again.

If you don't want to be discovered with Bluetooth, don't leave your devices in discoverable mode!

More to the point - What BT devices actually broadcast their availability continually?

I know the Bluetooth in a VW Jetta will talk to anything within range, until a device actually pairs with it; I also know that when Ford started putting BT capabilities in cars they were notorious for being wide open and beaconing constantly, although I'd wager FoMoCo has done something about it since then (I found out about the issue pre-Sync).

That was different: The trouble Google had was that they were recording actual data packets of actual data transmissions, and that this data has no non-nefarious use.

Had they been merely documenting the broadcast beacon sent by APs, it would not have been an issue. (Just as it has not been an issue for Wigle or Skyhook, both of whom collect geolocation data for APs based on BSSID.)

It would track those cars' movement through the system - how long to get from position A to position B. I doubt it would be used to monitor traffic quantity - more intelligent people don't have their devices discoverable. So it would disproportionately benefit the stupid. Traffic jams don't usually happen in primarily residential areas. That is, unless your own residential street is being used as a bypass around traffic.

while many people will neither know nor care about the effort to smooth out traffic, Vancouver may be mistaken in their zeal. While my old 2001 crown victoria does not include bluetooth, the wireless laptop inside is programmed to dump millions of MAC's per second once a bluetooth connection is solicited, many of them malformed with negative integers, spaces and special characters...

Sometimes I collect the macs of vehicles in around me, and much like the towers of hanoi spoof them as i pass the readers o

that seems like an awful lot of effort, for very little gain, other than to show that you can be an ass. What's the point?

His point is that it only takes one asshat to pollute the system, and it's guaranteed that there's more than one. I also remember reading something recently related to this, showing that false info can be fed to google to create non-existant traffic jams in Maps.

that seems like an awful lot of effort, for very little gain, other than to show that you can be an ass. What's the point?

His point is that it only takes one asshat to pollute the system, and it's guaranteed that there's more than one. I also remember reading something recently related to this, showing that false info can be fed to google to create non-existant traffic jams in Maps.

It would be trivial to detect and bitbucket the massive amounts of bad data described, and spamming thresholds low enough to not trigger detection would probably be statistically irrelevant.

Most major highways and streets rely on hardware sensors embedded into the road anyway. Anything else is supplemental or for less important roads.

if the system thinks there's a jam it'll move everyone else off the road.

so.. yeah, benefit right there.

what I don't get is that obviously they're taking part of the mac out but why bother? in the region the bt device is in it's going to be unique enough or the system wouldn't work - so you could still trace it to that unique car.

It seems like the phrase "government money" is dropped in here just to bait arguments. Was there any doubt it was government money? If it were private money, would that be a problem? Wouldn't it be a different problem? Wouldn't "public funds" or "a state/federal grant" have been the same or more accurate?

From TFA: "The program is being funded primarily through a $540,000 federal grant, with a small match from the local governments." TFA actually has a lot of other good 'geeky' detail, like "3-5% of traffic

This seems really complicated. Why not just track the RFID signature generated by the various parts of the car which are tagged? Tires, replacement parts, items in the trunk, ID badges on the passengers....

Personally, every time someone comes up with some "no need for concern" bull, I say let the politicians in charge be the first to use it. No need to be concerned about the power plant? Great, have the town council move in next to it. No need to be concerned about food? Great, put it on the menu for them. No need to be concerned about surveillance? Great, move politicians to the front row to be under scrutiny.

If it was required to be used on them first, I'm pretty sure we'd have a lot fewer things not to be concerned about.

Since it seems to meet the criteria of RCW 9A.52.110, I'd say every attempt to connect is a Class C Felony. However, at the very least, it's a misdemeanor.

RCW 9A.52.110Computer trespass in the first degree.

(1) A person is guilty of computer trespass in the first degree if the person, without authorization, intentionally gains access to a computer system or electronic database of another; and

(a) The access is made with the intent to commit another crime; or

(b) The violation involves a computer or database maintained by a government agency.

(2) Computer trespass in the first degree is a class C felony.

[1984 c 273 1.]

*****************

RCW 9A.52.120Computer trespass in the second degree.

(1) A person is guilty of computer trespass in the second degree if the person, without authorization, intentionally gains access to a computer system or electronic database of another under circumstances not constituting the offense in the first degree.

(2) Computer trespass in the second degree is a gross misdemeanor.

[1984 c 273 2.]

******************

RCW 9A.52.120Computer trespass in the second degree.

(1) A person is guilty of computer trespass in the second degree if the person, without authorization, intentionally gains access to a computer system or electronic database of another under circumstances not constituting the offense in the first degree.

Well, it's definitely not a felony, since there's no intention to commit another crime, and this isn't a gov't database.
As for it being a misdemeanor, you'd have to argue that noting down which systems are broadcasting their identification information somehow constitutes "without authorization, intentionally gain[ing] access to a computer system or electronic database of another." If they tried to access the information in your car's system, that would be one thing, but this is no different than just wri

How the hell can you read that and come away with the conclusion that looking at information your device broadcasts is a violation? They're not 'gaining access' to anything, so that automatically rules out all three offenses. Worse yet, you come up with the brilliant conclusion that it is a FELONY. Is your BT a 'computer or database maintained by a goverment agency?' Is there any indication that this supposed 'access' is done with the intent to commit another crime?

Your vehicle already had a big bright license plates, in the front and the back, advertising your license plate number to anyone who cares to look. People, cameras etc. etc. And yes we have had automated readers of license plates for quite some time. What sort of *new* privacy concerns does the bluetooth device introduce?

This is different from reading license plates in that it's a lot less effective for tracking people (since bluetooth MAC addresses aren't tied to people's identities in a government database from the get-go like license plates are). It's also likely much cheaper.

Your answer seems to imply that the older method of reading license plates is a more precise privacy busting tool. If that is correct then we are in agreement. The hoopla over bluetooth scanning of vehicles is unwarranted.

yes but for example on a 6 lane N/S Road, with lots of traffic northbound in the morning and lots of traffic southbound in the evening (rush hour), can be changed from 3/3 lanes both directions to 4/2 n/s morning and 2/4 n/s evening. should there be traffic at different times of the day, at say 6-8 PM and 10-12 PM, (say a hockey games traffic) it can automatically adjust the lanes depending on the amount of traffic. heck it could even go to 5/1 or 1/5 depending on volume at the time.

Axle counters can tell you the volume of traffic, but don't really tell you the speed of the traffic (does a count of zero axles in 30 seconds mean no traffic, or traffic at a dead stop?) Volume of traffic is important for long-range planning (ie increase number of lanes, etc). Speed reporting is much more useful for adjusting things like traffic light timing in real time. If you know traffic is moving at 40MPH and there is are 2 traffic lights x distance apart you can time the lights so the traffic does

Axle counters can tell you the volume of traffic, but don't really tell you the speed of the traffic (does a count of zero axles in 30 seconds mean no traffic, or traffic at a dead stop?)

Axle counters (and magnetic field loop detection and computer-vision-based detection, both of which are more common for the application we're talking about) do tell you the speed of the vehicles in every situation except for a major accident with all lanes blocked. And you can tell when that happens because the map turned

How this is better than the current axle counters they have I don't know, in fact I see it as probably worse. since it's not quite as accurate. maybe easier to plug into the traffic control systems.

It's worse, but cheaper. I don't know about the relative accuracy for reporting speeds, but it has the substantial disadvantage of not being able to report vehicle counts (since you don't know how many vehicles are traveling without using Bluetooth).

Why is not knowing vehicle counts a 'substantial disadvantage'? If the purpose of the information (as it says in TFA) is to adjust traffic signals based on the speed of the traffic, then the volume doesn't matter.

Vehicle counts start to matter as soon as you want to do any kind of deeper engineering analysis or design. For example, you might want to be able to answer questions like "how do speeds correlate with volume -- do they drop linearly, or suddenly at some 'critical' volume?" or "how much excess capacity does my road have?" or "did this change I made to the road actually increase capacity, or did speeds just seem to improve because fewer people happen to be driving on it this week?"

Oddly enough, nobody made a claim that vehicle counts never matter. What I said (I thought rather clearly) was that IF the purpose is to adjust traffic signals based on the speed of traffic THEN vehicle counts do not matter.

Obviously things like axle counters and induction loops have been around for decades. Yet for all those decades we (as drivers) still have precious little information to use on traffic conditions. Most traffic lights still seem to be either pure timers or change based on the fact that

Oh. Sorry, in that case the answer was "I don't really care what the purpose as expressed in TFA is, I care about what vehicle detection systems are good for in general."

Besides, "mak[ing] traffic signal settings based on (the information)" as the article talks about is a flexible enough idea that it could encompass ad-hoc manual adjustments where speed-only data would be useful (although you'd still want to look at the cameras while you're doing it) as well as longer term design-and-engineer-a-better-defau

I thought they were already doing this in Boston, maybe not... In any case I always assumed this was a way for the states to make money. They own the highways, therefore the exclusive rights to put these sensors up, and therefore exclusive access to hyper-accurate realtime traffic data that they can license out to the likes of google and apple for their map applications. I suppose it could simply be used to provide information for the "X minutes to airport" signs they have on most highways now.